By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The vulnerability involves two components of the firewall that handle e-mails, PGP said. Both components are vulnerable to a buffer overflow attack in which a large amount of data is sent to them, causing an error in the system that could give an attacker access, the company said. The company has released a patch, which it describes as "mandatory".
Affected products are Gauntlet for Unix versions 5.x and higher, PGP e-ppliance 300 series version 1.0 and higher, PGP e-ppliance 1000 series versions 1.5 and 2.0, McAfee e-ppliance 100 and 120 series and McAfee WebShield for Solaris v4.1. For users with HP-UX Gauntlet 5.x systems, the patch will only work if HP-UX 11.0 or higher is installed or if patch PHCO_16723 has been applied, PGP said.
The flaw was discovered by Garrison Technologies
Patches for Gauntlet and the e-ppliance series can be found at: ftp://ftp.nai.com/pub/security/ and www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp/
Patches for the McAfee products are available at: www.mcfeeb2b.com.